-
Notifications
You must be signed in to change notification settings - Fork 2.5k
/
Copy path10-images.at
402 lines (330 loc) · 14.7 KB
/
10-images.at
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
# -*- sh -*-
#
# Tests for image-related endpoints
#
# FIXME: API doesn't support pull yet, so use podman
podman pull -q $IMAGE
t GET libpod/images/json 200 \
length=1 \
.[0].Id~[0-9a-f]\\{64\\} \
.[0].Names[0]="$IMAGE"
iid=$(jq -r '.[0].Id' <<<"$output")
# Create an empty manifest and make sure it is not listed
# in the compat endpoint.
t GET images/json 200 length=1
podman manifest create foo
t GET images/json 200 length=1
t GET libpod/images/json 200 length=2
t GET libpod/images/$iid/exists 204
t GET libpod/images/$PODMAN_TEST_IMAGE_NAME:$PODMAN_TEST_IMAGE_TAG/exists 204
t GET libpod/images/${iid}abcdef/exists 404 \
.cause="failed to find image ${iid}abcdef"
# FIXME: compare to actual podman info
t GET libpod/images/json 200 \
.[0].Id=${iid}
t GET libpod/images/$iid/json 200 \
.Id=$iid \
.RepoTags[0]=$IMAGE
# Same thing, but with abbreviated image id
t GET libpod/images/${iid:0:12}/json 200 \
.Id=$iid \
.RepoTags[0]=$IMAGE
# Docker API V1.24 filter parameter compatibility
t GET images/json?filter=$IMAGE 200 \
length=1 \
.[0].Names[0]=$IMAGE
# Negative test case
t GET images/json?filter=nonesuch 200 length=0
# FIXME: docker API incompatibility: libpod returns 'id', docker 'sha256:id'
t GET images/$iid/json 200 \
.Id=sha256:$iid \
.RepoTags[0]=$IMAGE
t POST "images/create?fromImage=alpine" 200 .error~null .status~".*Download complete.*"
t POST "libpod/images/pull?reference=alpine&compatMode=true" 200 .error~null .status~".*Download complete.*"
t POST "images/create?fromImage=alpine&tag=latest" 200 \
.status~"Already exists"
# 10977 - handle platform parameter correctly
# THIS IMAGE MUST NOT BE THE SAME AS $IMAGE
t POST "images/create?fromImage=quay.io/libpod/testimage:20221018&platform=linux/arm64" 200
t GET "images/testimage:20221018/json" 200 \
.Architecture=arm64
# Make sure that new images are pulled
old_iid=$(podman image inspect --format "{{.ID}}" docker.io/library/alpine:latest)
podman rmi -f docker.io/library/alpine:latest
podman tag $IMAGE docker.io/library/alpine:latest
t POST "images/create?fromImage=alpine" 200 .error~null .status~".*$old_iid.*"
podman untag docker.io/library/alpine:latest
t POST "images/create?fromImage=quay.io/libpod/alpine&tag=sha256:fa93b01658e3a5a1686dc3ae55f170d8de487006fb53a28efcd12ab0710a2e5f" 200
# create image from source with tag
# Note the "-" is used to use an empty body and not "{}" which is the default.
t POST "images/create?fromSrc=-&repo=myimage&tag=mytag" - 200
t GET "images/myimage:mytag/json" 200 \
.Id~'^sha256:[0-9a-f]\{64\}$' \
.RepoTags[0]="docker.io/library/myimage:mytag"
t POST /images/create?fromImage=busybox:invalidtag123 404
# Display the image history
t GET libpod/images/nonesuch/history 404
for i in $iid ${iid:0:12} $PODMAN_TEST_IMAGE_NAME:$PODMAN_TEST_IMAGE_TAG; do
t GET libpod/images/$i/history 200 \
.[0].Id=$iid \
.[1].Id="<missing>" \
.[2].Id="<missing>" \
.[3].Id="<missing>" \
.[0].Created~[0-9]\\{10\\} \
.[0].Tags[0]="$IMAGE" \
.[0].Size=1024 \
.[1].Size=0 \
.[2].Size=0 \
.[3].Size=0 \
.[0].Comment="" \
.[1].Comment="" \
.[2].Comment="" \
.[3].Comment="FROM localhost/interim-image:latest" \
.[0].CreatedBy~".*/echo.*This container is intended for podman CI testing.*" \
.[1].CreatedBy~".* WORKDIR /home/podman" \
.[2].CreatedBy~".* LABEL created_at=.*" \
.[3].CreatedBy~".* LABEL created_by=test/system/build-testimage"
done
for i in $iid ${iid:0:12} $PODMAN_TEST_IMAGE_NAME:$PODMAN_TEST_IMAGE_TAG; do
t GET images/$i/history 200 \
.[0].Id="sha256:$iid" \
.[1].Id="sha256:<missing>" \
.[2].Id="sha256:<missing>" \
.[3].Id="sha256:<missing>" \
.[0].Created~[0-9]\\{10\\} \
.[0].Tags[0]="$IMAGE" \
.[0].Size=1024 \
.[1].Size=0 \
.[2].Size=0 \
.[3].Size=0 \
.[0].Comment="" \
.[1].Comment="" \
.[2].Comment="" \
.[3].Comment="FROM localhost/interim-image:latest" \
.[0].CreatedBy~".*/echo.*This container is intended for podman CI testing.*" \
.[1].CreatedBy~".* WORKDIR /home/podman" \
.[2].CreatedBy~".* LABEL created_at=.*" \
.[3].CreatedBy~".* LABEL created_by=test/system/build-testimage"
done
# compat api pull image unauthorized message error
# This depends on whether we're using local cache registry or real quay
expect_code=401
expect_msg="unauthorized: access to the requested resource is not authorized"
if [[ -n "$CI_USE_REGISTRY_CACHE" ]]; then
# local registry has no auth, so it can return 404
expect_code=404
expect_msg="manifest unknown: manifest unknown"
fi
t POST "/images/create?fromImage=quay.io/idonotexist/idonotexist:dummy" $expect_code \
.message="$expect_msg"
# Export an image on the local
t GET libpod/images/nonesuch/get 404
t GET libpod/images/$iid/get?format=foo 500
t GET libpod/images/$PODMAN_TEST_IMAGE_NAME/get?compress=bar 400
for i in $iid ${iid:0:12} $PODMAN_TEST_IMAGE_NAME:$PODMAN_TEST_IMAGE_TAG; do
t GET "libpod/images/$i/get" 200 '[POSIX tar archive]'
t GET "libpod/images/$i/get?compress=true" 200 '[POSIX tar archive]'
t GET "libpod/images/$i/get?compress=false" 200 '[POSIX tar archive]'
done
#compat api list images sanity checks
t GET images/json?filters='garb1age}' 500 \
.cause="invalid character 'g' looking for beginning of value"
t GET images/json?filters='{"label":["testl' 500 \
.cause="unexpected end of JSON input"
#libpod api list images sanity checks
t GET libpod/images/json?filters='garb1age}' 500 \
.cause="invalid character 'g' looking for beginning of value"
t GET libpod/images/json?filters='{"label":["testl' 500 \
.cause="unexpected end of JSON input"
# Prune images - bad all input
t POST libpod/images/prune?all='garb1age' 500 \
.cause="schema: error converting value for \"all\""
# Prune images - bad filter input
t POST images/prune?filters='garb1age}' 500 \
.cause="invalid character 'g' looking for beginning of value"
t POST libpod/images/prune?filters='garb1age}' 500 \
.cause="invalid character 'g' looking for beginning of value"
## Prune images with illformed label
t POST images/prune?filters='{"label":["tes' 500 \
.cause="unexpected end of JSON input"
t POST libpod/images/prune?filters='{"label":["tes' 500 \
.cause="unexpected end of JSON input"
#create, list and remove dangling image
podman image build -t test:test -<<EOF
from alpine
RUN >file1
EOF
podman image build -t test:test --label xyz --label abc -<<EOF
from alpine
RUN >file2
EOF
t GET images/json?filters='{"dangling":["true"]}' 200 length=1
t POST images/prune?filters='{"dangling":["true"]}' 200
t GET images/json?filters='{"dangling":["true"]}' 200 length=0
#label filter check in libpod and compat
t GET images/json?filters='{"label":["xyz","abc"]}' 200 length=1
t GET libpod/images/json?filters='{"label":["xyz"]}' 200 length=1
t DELETE libpod/images/test:test 200
t GET images/json?filters='{"label":["xyz"]}' 200 length=0
t GET libpod/images/json?filters='{"label":["xyz"]}' 200 length=0
# Must not error out: #20469
t POST images/prune?filters='{"dangling":["false"]}' 200
# to be used in prune until filter tests
podman image build -t test1:latest -<<EOF
from alpine
RUN >file3
EOF
# image should not be deleted
t GET images/json?filters='{"reference":["test1"]}' 200 length=1
t POST images/prune?filters='{"until":["500000"]}' 200
t GET images/json?filters='{"reference":["test1"]}' 200 length=1
t DELETE libpod/images/test1:latest 200
# to be used in prune until filter tests
podman image build -t docker.io/library/test1:latest -<<EOF
from alpine
RUN >file4
EOF
podman create --name test1 test1 echo hi
t DELETE images/test1:latest 409
podman rm test1
t DELETE images/test1:latest 200
t GET "images/get?names=alpine" 200 '[POSIX tar archive]'
podman pull busybox
t GET "images/get?names=alpine&names=busybox" 200 '[POSIX tar archive]'
img_cnt=$(tar xf "$WORKDIR/curl.result.out" manifest.json -O | jq "length")
is "$img_cnt" 2 "number of images in tar archive"
# check build works when uploading container file as a tar, see issue #10660
TMPD=$(mktemp -d podman-apiv2-test.build.XXXXXXXX)
function cleanBuildTest() {
podman rmi -a -f
rm -rf "${TMPD}" &> /dev/null
}
CONTAINERFILE_TAR="${TMPD}/containerfile.tar"
cat > $TMPD/containerfile << EOF
FROM $IMAGE
EOF
tar --format=posix -C $TMPD -cvf ${CONTAINERFILE_TAR} containerfile &> /dev/null
t POST "libpod/build?dockerfile=containerfile" $CONTAINERFILE_TAR 200 \
.stream~"STEP 1/1: FROM $IMAGE"
# Newer Docker client sets empty cacheFrom for every build command even if it is not used,
# following commit makes sure we test such use-case. See https://github.com/containers/podman/pull/16380
#TODO: This test should be extended when buildah's cache-from and cache-to functionally supports
# multiple remote-repos
t POST "libpod/build?dockerfile=containerfile&cachefrom=[]" $CONTAINERFILE_TAR 200 \
.stream~"STEP 1/1: FROM $IMAGE"
# With -q, all we should get is image ID. Test both libpod & compat endpoints.
t POST "libpod/build?dockerfile=containerfile&q=true" $CONTAINERFILE_TAR 200 \
.stream~'^[0-9a-f]\{64\}$'
t POST "build?dockerfile=containerfile&q=true" $CONTAINERFILE_TAR 200 \
.stream~'^[0-9a-f]\{64\}$'
# Override content-type and confirm that libpod rejects, but compat accepts
t POST "libpod/build?dockerfile=containerfile" $CONTAINERFILE_TAR application/json 400 \
.cause='Content-Type: application/json is not supported. Should be "application/x-tar"'
t POST "build?dockerfile=containerfile" $CONTAINERFILE_TAR application/json 200 \
.stream~"STEP 1/1: FROM $IMAGE"
# Libpod: allow building from url: https://github.com/alpinelinux/docker-alpine.git and must ignore any provided tar
t POST "libpod/build?remote=https%3A%2F%2Fgithub.com%2Falpinelinux%2Fdocker-alpine.git" $CONTAINERFILE_TAR 200 \
.stream~"STEP 1/5: FROM alpine:"
# Build api response header must contain Content-type: application/json
t POST "build?dockerfile=containerfile" $CONTAINERFILE_TAR application/json 200
response_headers=$(cat "$WORKDIR/curl.headers.out")
like "$response_headers" ".*application/json.*" "header does not contain application/json"
# Build api response header must contain Content-type: application/json
t POST "build?dockerfile=containerfile&pull=1" $CONTAINERFILE_TAR application/json 200
response_headers=$(cat "$WORKDIR/curl.headers.out")
like "$response_headers" ".*application/json.*" "header does not contain application/json"
# PR #12091: output from compat API must now include {"aux":{"ID":"sha..."}}
t POST "build?dockerfile=containerfile" $CONTAINERFILE_TAR 200 \
'.aux|select(has("ID")).ID~^sha256:[0-9a-f]\{64\}$'
t POST libpod/images/prune 200
t POST libpod/images/prune 200 length=0 []
# compat api must allow loading tar which contain multiple images
podman pull quay.io/libpod/alpine:latest quay.io/libpod/busybox:latest
podman save -o ${TMPD}/test.tar quay.io/libpod/alpine:latest quay.io/libpod/busybox:latest
t POST "images/load" ${TMPD}/test.tar 200 \
.stream="Loaded image: quay.io/libpod/busybox:latest,quay.io/libpod/alpine:latest"
t GET libpod/images/quay.io/libpod/alpine:latest/exists 204
t GET libpod/images/quay.io/libpod/busybox:latest/exists 204
CONTAINERFILE_WITH_ERR_TAR="${TMPD}/containerfile.tar"
cat > $TMPD/containerfile << EOF
FROM $IMAGE
RUN echo 'some error' >&2
EOF
tar --format=posix -C $TMPD -cvf ${CONTAINERFILE_WITH_ERR_TAR} containerfile &> /dev/null
t POST "/build?q=1&dockerfile=containerfile" $CONTAINERFILE_WITH_ERR_TAR 200
if [[ $output == *"some error"* ]];then
_show_ok 0 "compat quiet build" "[should not contain 'some error']" "$output"
else
_show_ok 1 "compat quiet build"
fi
# Do not try a real build here to tests the comma separated syntax as emulation
# is slow and may not work everywhere, checking the error is good enough to know
# we parsed it correctly on the server I would say
t POST "/build?q=1&dockerfile=containerfile&platform=linux/amd64,test" $CONTAINERFILE_WITH_ERR_TAR 400 \
.message="failed to parse query parameter 'platform': \"test\": invalid platform syntax for --platform=\"test\": \"test\": unknown operating system or architecture: invalid argument"
cleanBuildTest
# compat API vs libpod API event differences:
# on image removal, libpod produces 'remove' events.
# compat produces 'delete' events.
podman image build -t test:test -<<EOF
from $IMAGE
EOF
START=$(date +%s)
t DELETE libpod/images/test:test 200
# HACK HACK HACK There is a race around events being added to the journal
# This sleep seems to avoid the race.
# If it fails and begins to flake, investigate a retry loop.
sleep 1
# FIXME 2024-05-30 #22726: when running with a local cache registry, DELETE
# sometimes produces 5-6 events instead of the desired only-one.
t GET "libpod/events?stream=false&since=$START" 200 \
'select(.status | contains("remove")).Actor.Attributes.name~.*localhost/test:test'
t GET "events?stream=false&since=$START" 200 \
'select(.status | contains("delete")).Actor.Attributes.name~.*localhost/test:test'
# Test image removal with `noprune={true,false}`
podman create --name c_test1 $IMAGE true
podman commit -q c_test1 i_test1
podman create --name c_test2 i_test1 true
podman commit -q c_test2 i_test2
podman create --name c_test3 i_test2 true
podman commit -q c_test3 i_test3
t GET libpod/images/i_test1/json 200
iid_test1=$(jq -r '.Id' <<<"$output")
t GET libpod/images/i_test2/json 200
iid_test2=$(jq -r '.Id' <<<"$output")
t GET libpod/images/i_test3/json 200
iid_test3=$(jq -r '.Id' <<<"$output")
podman untag $iid_test1
podman untag $iid_test2
podman rm -af
# Deleting i_test3 with --no-prune must not remove _2 and _1.
t DELETE images/$iid_test3?noprune=true 200
t GET libpod/images/i_test3/exists 404
t GET libpod/images/$iid_test1/exists 204
t GET libpod/images/$iid_test2/exists 204
t DELETE images/$iid_test2?noprune=false 200
t GET libpod/images/$iid_test1/exists 404
t GET libpod/images/$iid_test2/exists 404
# If the /resolve tests fail, make sure to use ../registries.conf for the
# podman-service.
# With an alias, we only get one item back.
t GET libpod/images/podman-desktop-test123:this/resolve 200 \
.Names[0]="florent.fr/will/like:this"
# If no alias matches, we will get a candidate for each unqualified-search
# registry.
t GET libpod/images/no-alias-for-sure/resolve 200 \
.Names[0]="docker.io/library/no-alias-for-sure:latest" \
.Names[1]="quay.io/no-alias-for-sure:latest" \
.Names[2]="registry.fedoraproject.org/no-alias-for-sure:latest"
# Test invalid input.
t GET libpod/images/noCAPITALcharAllowed/resolve 400 \
.cause="repository name must be lowercase"
START=$(date +%s.%N)
# test pull-error API response
podman pull --retry 0 localhost:5000/idonotexist || true
t GET "libpod/events?stream=false&since=$START" 200 \
.status=pull-error \
.Action=pull-error \
.Actor.Attributes.name="localhost:5000/idonotexist" \
.Actor.Attributes.error~".*connection refused"
# vim: filetype=sh